[Ipg-smz] The use of URL Shorteners violates security principles

Tom Henderson thenderson at extremelabs.com
Mon Oct 8 17:15:44 UTC 2018 

Researching security has admittedly made me paranoid. Sadly, I'm 
rewarded constantly by my paranoia.

The numbing of the unbelievable number of break-ins, thefts, state 
actors, and more, is almost incomprehensible. And yet it's ignored. The 
US Gov cyber-czar position is still open. Nineteen US Gov agencies now 
have Venn diagram nexus over security. NINETEEN. And tell me how many 
credit-protection offerings have you been doled, THIS YEAR?

This death-by-a-thousand-cuts is really onerous, and contributes handily 
to the extreme stress levels found on the streets and even backwater 
warrens today.

The cure is salving and healing the wounds, one at a time. People 
unwittingly have, as you mentioned, learned to put up with historical 
misdeed until it's now part of their DNA to ignore the pains of them. 
But a preponderance, an accumulation of these pains is a weight. People 
don't see it until they're free of them.... like going on a trip to a 
place where there's no WiFi, no cell, and perhaps no AM/FM radio. Then 
they remember, and going back into the real world is like walking into a 
cacophony of madness. There was a quiet time. There was a time when all 
your info wasn't for sale on some .onion address. There was a time.

/preach

Tom



On 10/08/2018 01:01 PM, Cameron Laird wrote:
> /That/ is a second grad-level thesis: persistence of technologies 
> whose rationales have long since vanished.  URL shortening has been, 
> for some years, cargo culting, at best.  As Tom documents, it's now 
> hazardous cargo culting.  There are plenty of other examples of 
> widely-employed cultural elements that only can be understood as 
> historical vestiges--almost anything under "telco pricing" qualifies.
>
> On Mon, Oct 8, 2018 at 11:49 AM Esther Schindler <esther at bitranch.com 
> <mailto:esther at bitranch.com>> wrote:
>
>     Are they still a thing?
>
>     I used to use them because they provided some level of tracking
>     click throughs. That went away.
>
>     I also used to use them back when Twitter counted all the
>     characters in a URL as part of its 140. That went away too.
>
>     I’m not sure when/why anyone wants to use these any more… even
>     before the security vulnerabilites.
>
>>     On Oct 8, 2018, at 9:04 AM, Tom Henderson
>>     <thenderson at extremelabs.com <mailto:thenderson at extremelabs.com>>
>>     wrote:
>>
>>     I can give you a long list ofow.ly <http://ow.ly/>shortened URLs
>>     that will give you a malware dose the size of Cincinnati.
>>
>>     ONE SINGLE MISTYPED character will send a user into plain hell.
>
>     -- 
>     Ipg-smz mailing list
>     Ipg-smz at netpress.org <mailto:Ipg-smz at netpress.org>
>     http://netpress.org/mailman/listinfo/ipg-smz_netpress.org
>
>
>

-- 
Tom Henderson
ExtremeLabs, Inc.
+1 317 250 4646
Twitter: @extremelabs
Skype: extremelabsinc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://netpress.org/pipermail/ipg-smz_netpress.org/attachments/20181008/edb1eb01/attachment.html>

More information about the Ipg-smz mailing list